ISMS Assessment

Do you know your cybersecurity readiness? Take our 10 minutes assessment to know your compliance readiness.

0 Score! Get Final Report Restart Assessment

0 to 30 : You got lot to do… let’s get to work!
31 to 60 : You are almost there..
61 to 70 : You got this!

Instructions: Use the Compliance Assessment to understand your organization's current compliance status. At the end of the assessment, use the result to best evaluate, delineate the orientation of your Organzation's compliance posture.

Identification of Objectives for your business

It is important to identify and list objectives in order to gain management support. To start off, it is prudent to have primary objectives in place for a healthy information security management system(ISMS). (not limited to company's mission, IT goals and strategic goals). Examples:- Increasing company's profits and revenue by providing a robust security program for the client's data and information. Proper compliance with industry regulations and guidelines.

#	Question/Requirements	Rating
1	Does your Organization or Information Security team have a detailed/listed primary objectives of the Organization?	0 1 2 3 4 5

Obtain Management Support

It is very important to have the involvement and approval of management to commit to planning, implementation, and continuous monitoring and maintenance of ISMS.

#	Question/Requirements	Rating
2	Does your Organization have all the relevant stakeholders and management's support and approval?	0 1 2 3 4 5

Define Scope

Scoping helps delineate relevant business units, vendors contractors.

#	Question/Requirements	Rating
3	Does your Organization have a document that details the scope of the ISMS?	0 1 2 3 4 5

Brief Policy

A policy is the highest level and important document. A ISMS policy helps explain what needs to be achieved and how it can be controlled.

#	Question/Requirements	Rating
4	Does your Organization have a defined documented ISMS policy?	0 1 2 3 4 5

Define Risk Assessment methodology

It is prudent to formulate a risk assessment methodology - assess, resolve, and control risks.

#	Question/Requirements	Rating
5	Do you have a Risk Assessment Management program?	0 1 2 3 4 5
6	Do you have a risk treatment plan in place to manage risks?	0 1 2 3 4 5
7	Do you have policies and procedures to control risks?	0 1 2 3 4 5

Statement of Applicability (SoA)

The statement of applicability details all relevant controls (applicable and those which are not) with supporting reasoning. It also details the objectives for each control with supporting plans for implementation. It is required for management authorization for the implementation of ISMS.

#	Question/Requirements	Rating
8	Does your Organization have the Statement of Applicability document?	0 1 2 3 4 5

Mandatory Documents and Records

This is a critical step as it requires implementation and enforcement of controls and procedures. If you have more than x document rate y

#	Question/Requirements	Rating
9	Do you have the list of documents listed and required by ISO 27001? Refer the list below. - Scope of the ISMS - Information security policy and objectives - Risk assessment and risk treatment methodology - Statement of Applicability - Risk treatment plan - Risk assessment report - Definition of security roles and responsibilities - Inventory of assets - Acceptable use of assets - Access control policy	0 1 2 3 4 5

Implement Training Awareness

It is imperative to have a ISMS training and awareness program. All employees and workers are required to be briefed about policies and procedures, additionally further train them to have required skills to execute and support the policies and procedure.

#	Question/Requirements	Rating
10	Do you have a ISMS training and awareness program in place?	0 1 2 3 4 5
11	Does your Organization conduct periodic training sessions?	0 1 2 3 4 5

Measure and Monitor

Measuring, monitoring and reviewing your ISMSs performance helps ensure your organization is aligned to its information security objectives. Different methods can be employed to gauge the effectiveness of all controls put in place. Conducting regular audits on your ISMS is one such method.

#	Question/Requirements	Rating
12	Do you review your policy document, at least once a year?	0 1 2 3 4 5
13	Do you have a documented process for conducting regular internal audits?	0 1 2 3 4 5

ISMS certification

ISMS certification should be from an accredited certification body (should be a member of the International Accreditation Body, IAF). An audit, by the certifying body tests if the procedures in practice is in line with ISO27001.

#	Question/Requirements	Rating
14	Is your ISMS audited and certified?	0 1 2 3 4 5

ISMS Assessment

Your Score: 0 ! You got lot to do… let’s get to work!

0 to 30 : You got lot to do… let’s get to work!
31 to 60 : You are almost there..
61 to 70 : You got this!

e-InnoSec is a Professional Services and Consulting organization that brings expertise to the clients to supplement their business needs. We are compliance and cybersecurity professionals serving small, midsize, and startup organizations to simplify compliance, transform cybersecurity, and save costs. To learn more click here.
Try our Cybersecurity Free Courses with Securetain.
Review your assessment questionnaire in the attachment.

#	Question/Requirements	Rating
Identification of Objectives for your business
1	Does your Organization or Information Security team have a detailed/listed primary objectives of the Organization ?	0
Obtain Management Support
2	Does your Organization have all the relevant stakeholders and management's support and approval?	0
Define Scope
3	Does your Organization have a document that details the scope of the ISMS?	0
Brief Policy
4	Does your Organization have a defined documented ISMS policy?	0
Define Risk Assessment methodology
5	Do you have a Risk Assessment Management program?	0
6	Do you have a risk treatment plan in place to manage risks?	0
7	Do you have policies and procedures to control risks?	0
Statement of Applicability (SoA)
8	Does your Organization have the Statement of Applicability document?	0
Mandatory Documents and Records
9	Do you have the list of documents listed and required by ISO 27001?	0
Implement Training Awareness
10	Do you have a ISMS training and awareness program in place?	0
11	Does your Organization conduct periodic training sessions?	0
Measure and Monitor
12	Do you review your policy document, at least once a year?	0
13	Do you have a documented process for conducting regular internal audits?	0
ISMS certification
14	Is your ISMS audited and certified?	0

Get your free report!

For security reasons, complete the form below. You will receive your score to the email ID mentioned below.

Name *

Phone

Email *

Company Name *

SOC & ISO

FINANCIAL

HEALTHCARE

GOVT/NIST

DEVELOP/DEPLOY

REVIEW & IMPLEMENT

RISK MANAGEMENT

PRIVACY & DATA PROTECTION

DATA PROTECTION

SYSTEMS SECURITY

STRATEGY SERVICES

MONITORING SERVICES

CLOUD SECURITY

CLOUD SECURITY MATURITY

ISMS Assessment

0 Score! Get Final Report Restart Assessment

ISMS Assessment

Your Score: 0 ! You got lot to do… let’s get to work!

Identification of Objectives for your business

0

Obtain Management Support

0

Define Scope

0

Brief Policy

0

Define Risk Assessment methodology

0

0

0

Statement of Applicability (SoA)

0

Mandatory Documents and Records

0

Implement Training Awareness

0

0

Measure and Monitor

0

0

ISMS certification

0

Get your free report!

(+1) 737-333-4273

charu.pel@einnosec.com